Privacy Policy

How we collect, use, store, and protect your personal information.

Effective Date: 1 January 2026
Last Updated: 19 February 2026
Entity: Tech Blaze Pty Ltd

1. Introduction

Tech Blaze Pty Ltd ("Tech Blaze", "we", "us", or "our") is committed to protecting the privacy of individuals whose personal information we collect and handle. We are a cybersecurity consultancy based in Canberra, Australian Capital Territory, providing IRAP assessment, Essential Eight uplift, virtual CISO, and related cybersecurity advisory services.

This Privacy Policy sets out how we collect, use, disclose, store, and protect personal information in accordance with the Privacy Act 1988 (Cth) (Privacy Act) and the Australian Privacy Principles (APPs) contained in Schedule 1 of the Privacy Act.

By engaging our services, visiting our website (techblaze.com.au), or otherwise providing personal information to us, you acknowledge that you have read and understood this Privacy Policy.

2. What Personal Information We Collect

We collect personal information that is reasonably necessary for, or directly related to, our business functions and activities. The types of personal information we may collect include:

2.1 Contact Information

  • Full name
  • Email address
  • Telephone number
  • Business address
  • Job title and organisation name

2.2 Professional Information

  • Professional qualifications and certifications
  • Employment history (where relevant to engagement delivery)
  • Security clearance status (where relevant to engagement delivery)

2.3 Engagement Information

  • Information provided in the course of a consulting engagement, including system documentation, security assessments, risk registers, and related materials
  • Communications between you and Tech Blaze (emails, meeting notes, correspondence)
  • Invoicing and payment information (business account details, purchase order numbers)

2.4 Website Information

  • IP address
  • Browser type and version
  • Operating system
  • Pages visited on our website
  • Referring URL
  • Date and time of visit
  • Cookies and similar tracking technologies (see Section 8)

2.5 Sensitive Information

We do not generally collect sensitive information as defined under the Privacy Act (such as health information, racial or ethnic origin, political opinions, or biometric data). In limited circumstances where sensitive information is provided to us in the course of a security assessment or clearance-related engagement, we collect it only with your consent and handle it with additional safeguards.

3. How We Collect Personal Information

We collect personal information through the following means:

  • Directly from you — when you contact us via our website, email, telephone, or in person; when you engage our services; when you submit a contact form or enquiry
  • From your organisation — when your employer or client engages us to provide services and provides your contact details or professional information as part of that engagement
  • From publicly available sources — professional networking platforms (such as LinkedIn), company websites, and publicly available government directories
  • Automatically via our website — through cookies, web server logs, and analytics tools when you visit techblaze.com.au

We will take reasonable steps to notify you of the collection of your personal information at or before the time of collection, or as soon as practicable afterwards, in accordance with APP 5.

4. Purpose of Collection — How We Use Personal Information

We collect and use personal information for the following purposes:

  • Service delivery — to provide cybersecurity consulting services, including IRAP assessments, Essential Eight uplift programs, vCISO engagements, and related advisory services
  • Communication — to respond to your enquiries, provide information you have requested, and communicate with you about our services
  • Engagement management — to manage our consulting engagements, including scheduling, project management, invoicing, and reporting
  • Legal and regulatory compliance — to comply with our legal obligations, including obligations under the Privacy Act, the Corporations Act 2001 (Cth), and Australian taxation legislation
  • Business improvement — to improve our services, website, and business operations based on aggregated and de-identified usage data
  • Marketing — to send you information about our services, insights, and publications that may be relevant to you, where you have consented to receiving such communications or where we are otherwise permitted to do so under the Privacy Act

We will not use or disclose personal information for a purpose other than the purpose for which it was collected (the primary purpose), unless:

  • You have consented to the use or disclosure for a secondary purpose
  • You would reasonably expect us to use or disclose the information for the secondary purpose, and the secondary purpose is related to the primary purpose (or, in the case of sensitive information, directly related)
  • The use or disclosure is required or authorised by or under an Australian law or a court/tribunal order
  • A permitted general situation or permitted health situation exists under the Privacy Act

5. Disclosure of Personal Information

We may disclose personal information to the following categories of third parties:

  • Subcontractors and service providers — where we engage specialist subcontractors to assist in delivering our services (for example, specialist penetration testing providers). These subcontractors are bound by confidentiality obligations and are required to handle personal information in accordance with the APPs.
  • Professional advisors — our accountants, lawyers, and insurers, where necessary for the management of our business.
  • Government agencies — where required by law or where disclosure is necessary for the performance of our services (for example, in the context of an IRAP assessment or DISP-related engagement where information is provided to the relevant Australian Government agencies).
  • Technology service providers — providers of IT infrastructure, cloud hosting, email, and website analytics services that we use to operate our business (see Section 8 for details on website analytics).

5.1 Overseas Disclosure

We do not routinely disclose personal information to recipients outside of Australia. Where our technology service providers (such as cloud hosting or email providers) process data in overseas locations, we take reasonable steps to ensure that those providers comply with the APPs or are subject to a law or binding scheme that is substantially similar to the APPs.

If we need to disclose personal information to an overseas recipient for a specific purpose, we will notify you and obtain your consent unless an exception under APP 8 applies.

6. Storage and Security of Personal Information

We take reasonable steps to protect personal information from misuse, interference, loss, and unauthorised access, modification, or disclosure. As a cybersecurity consultancy, we apply security measures consistent with the standards we advise our clients to implement. These include:

  • Encryption — personal information stored electronically is encrypted at rest and in transit using industry-standard encryption protocols (AES-256 for data at rest, TLS 1.2 or higher for data in transit)
  • Access controls — access to personal information is restricted to authorised personnel on a need-to-know basis, with multi-factor authentication enforced for all systems containing personal information
  • Physical security — physical documents containing personal information are stored in locked facilities with appropriate access controls
  • Data minimisation — we only collect and retain personal information that is reasonably necessary for our business purposes
  • Secure disposal — personal information that is no longer needed is securely destroyed or de-identified in accordance with APP 11.2

6.1 Data Retention

We retain personal information for as long as it is needed for the purposes for which it was collected, or as required by law. Specific retention periods include:

  • Engagement records — retained for a minimum of seven (7) years after the completion of the engagement, in accordance with Australian taxation and professional obligations
  • Website analytics data — retained for a maximum of twenty-six (26) months
  • Contact and marketing data — retained until you withdraw your consent or request deletion, or until we determine the information is no longer needed

7. Access and Correction

Under APP 12 and APP 13, you have the right to:

  • Access your personal information that we hold. We will provide access within a reasonable timeframe (generally within 30 days of your request), subject to any exceptions under the Privacy Act.
  • Request correction of your personal information if it is inaccurate, out of date, incomplete, irrelevant, or misleading. We will take reasonable steps to correct the information within 30 days of your request.

To request access to or correction of your personal information, please contact us using the details in Section 11.

We may refuse access or correction in limited circumstances permitted by the Privacy Act (for example, where providing access would pose a serious threat to safety, or where the request is frivolous or vexatious). If we refuse a request, we will provide written reasons for the refusal and information about how you can make a complaint.

8. Cookies and Website Analytics

Our website (techblaze.com.au) uses cookies and similar technologies to improve your browsing experience and to collect aggregated analytics data.

8.1 What Are Cookies?

Cookies are small text files that are placed on your device when you visit a website. They are widely used to make websites work more efficiently and to provide information to website operators.

8.2 Types of Cookies We Use

Cookie Type Purpose Duration
Essential cookies Required for the website to function correctly (e.g., session management) Session
Analytics cookies Collect aggregated, anonymised data about how visitors use our website (pages visited, time on site, bounce rate) Up to 26 months
Preference cookies Remember your preferences (e.g., theme, language) Up to 12 months

8.3 Analytics Provider

We use privacy-respecting analytics tools to understand how our website is used. Analytics data is aggregated and does not identify individual visitors. We do not use Google Analytics or other third-party analytics tools that profile users across websites.

8.4 Managing Cookies

You can control and delete cookies through your browser settings. Most browsers allow you to:

  • View what cookies are set on your device
  • Delete individual or all cookies
  • Block third-party cookies
  • Block all cookies from specific or all websites
  • Clear all cookies when you close your browser

Please note that disabling cookies may affect the functionality of our website.

9. Direct Marketing

We may use your personal information to send you direct marketing communications about our services, insights, and publications where:

  • You have consented to receiving such communications; or
  • You would reasonably expect us to use your information for this purpose (for example, where you are an existing client or have made an enquiry)

Every marketing communication we send will include a clear and simple mechanism to opt out (unsubscribe). If you opt out, we will stop sending you marketing communications within five (5) business days.

You can opt out of marketing communications at any time by:

  • Clicking the unsubscribe link in any marketing email
  • Contacting us using the details in Section 11

Opting out of marketing communications will not affect communications that are necessary for the delivery of our services to you.

10. Complaints

If you believe that we have breached the APPs or handled your personal information in a way that is not consistent with this Privacy Policy, you may lodge a complaint with us.

10.1 How to Lodge a Complaint

Please contact us using the details in Section 11. We will:

  1. Acknowledge your complaint within five (5) business days
  2. Investigate the complaint
  3. Provide a written response within 30 days, setting out our findings and any actions we have taken or propose to take

10.2 Escalation

If you are not satisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC):

  • Website: www.oaic.gov.au
  • Phone: 1300 363 992
  • Email: enquiries@oaic.gov.au
  • Post: GPO Box 5218, Sydney NSW 2001

11. Contact Us

If you have any questions about this Privacy Policy, wish to request access to or correction of your personal information, or wish to lodge a complaint, please contact us:

Tech Blaze Pty Ltd

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will update the "Last Updated" date at the top of this page and, where appropriate, notify you via our website or by email.

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your personal information.

This Privacy Policy was last updated on 19 February 2026.